C# Driver / CSHARP-4862

Enable TLS1.3 Support


Details

    • New Feature
    • Resolution: Fixed
    • Unknown
    • 2.24.0
    • None
    • Security
    • None
    • Not Needed
      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?


    Description

      The SslStreamFactory uses SslStreamSettings to enable TLS1.2, 1.1, and 1.0 by default:

      _enabledSslProtocols = enabledProtocols.WithDefault(SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls);
      

      It notably does not enable TLS1.3 support because TLS1.3 support was added in .NET 5. (It is available in netcoreapp3.1 but not netstandard2.1.) We need to add support for .NET 5 and enable TLS1.3 by default. We should also remove support for TLS1.0 and 1.1 by default as they have known vulnerabilities.

      Another possibility is to use SslProtocols.None, which allows the operating system to choose the best protocol to use and to block protocols that are not secure. Microsoft recommends this setting unless your app has a specific reason not to. We should consider the pros and cons of explicitly enabling protocols versus deferring to the operating system.

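      Current users of the driver can opt into TLS1.3 via:

      using System.Security.Authentication; // SslProtocols
      using MongoDB.Driver;
      const string MONGODB_URI = "<<YOUR CONNECTION STRING>>";
      var settings = MongoClientSettings.FromConnectionString(MONGODB_URI);
      // An explicit value replaces the default set, so this client offers TLS1.3 only.
      settings.SslSettings.EnabledSslProtocols = SslProtocols.Tls13;
      var client = new MongoClient(settings);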
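
      To compare explicitly enabling protocols with deferring to the operating system, the following added example (not code from the driver or from this ticket) runs a loopback handshake with plain SslStream and reports which TLS version each client setting negotiates. It assumes .NET 5 or later; the Negotiate helper and the throwaway certificate are constructed for the illustration.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

// Constructed throwaway certificate for the loopback server (not a deployment cert).
using var rsa = RSA.Create(2048);
var req = new CertificateRequest("CN=localhost", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
using var ephemeral = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
// Round-trip through PFX so the private key is usable by SslStream on Windows.
using var cert = new X509Certificate2(ephemeral.Export(X509ContentType.Pfx));

var legacyDefault = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls; // default quoted in the ticket
var cases = new[] { ("legacy default", legacyDefault), ("None (OS picks)", SslProtocols.None), ("Tls13 only", SslProtocols.Tls13) };
foreach (var (name, clientSide) in cases)
    Console.WriteLine($"{name,-16} -> {await Negotiate(SslProtocols.None, clientSide)}");

// Hypothetical helper: handshake over loopback and return the negotiated version.
async Task<string> Negotiate(SslProtocols serverSide, SslProtocols clientSide)
{
    var listener = new TcpListener(IPAddress.Loopback, 0);
    listener.Start();
    try
    {
        var port = ((IPEndPoint)listener.LocalEndpoint).Port;
        var server = Task.Run(async () =>
        {
            using var tcp = await listener.AcceptTcpClientAsync();
            using var ssl = new SslStream(tcp.GetStream());
            await ssl.AuthenticateAsServerAsync(cert, false, serverSide, false);
        });
        using var conn = new TcpClient();
        await conn.ConnectAsync(IPAddress.Loopback, port);
        // Pin the test certificate rather than disabling validation.
        using var tls = new SslStream(conn.GetStream(), false,
            (_, presented, _, _) => presented?.GetCertHashString() == cert.GetCertHashString());
        await tls.AuthenticateAsClientAsync("localhost", null, clientSide, false);
        await server;
        return tls.SslProtocol.ToString();
    }
    catch (Exception ex) { return $"handshake failed ({ex.GetType().Name})"; } // e.g. platform lacks TLS1.3
    finally { listener.Stop(); }
}
```

      The output depends on the operating system and its TLS library. The legacy default can never negotiate higher than Tls12, because TLS1.3 is not in its flag set.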
      

          People

            james.kovacs@mongodb.com James Kovacs